Ubisoft DRM allows backdoor for malware

Ubisoft has been quite notorious amongst pc gamers for the digital rights management added to their games over the last few years. Their reputation may sink even lower now, if possible, due to a backdoor discovered by a programmer named Tavis Ormandy. The exploit is found in the Uplay software necessary to play many of Ubisoft’s current games. UPlay installs a browser plug-in, and that is where the exploit was discovered. It will allow a malicious hacker virtually complete access to your pc.

Disabling UPlay and UPlay PC Hub seems to close the exploit, but of course, this also keeps you from playing your games. Ubisoft has not released a statement, other than telling PC Gamer that they are “looking into” the problem.

You can read the story at Ars Technica, and find the original post from Mr. Ormandy here.

Edit: Ubisoft has responded to the reported exploit with a patch and this official comment:

“We have made a forced patch to correct the flaw in the browser plug-in for the Uplay PC application that was brought to our attention earlier today. We recommend that all Uplay users update their Uplay PC application without a Web browser open. This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com.

Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues.”